Bad day for LinkedIn: not only did 6 million of their passwords get stolen and published online (as SHA1 hashes, but still), their iOS and Android applications uploaded your calendars to LinkedIn (after opting in, though). The Sensationalist Headline of the Day Award goes to Ars Technica. I guess everyone's starting to feel the sting of The Verge's fully deserved success.

I work in a financial company that must follow PCI and other standards. PCI is pain but when properly implemented and followed (key words) it's reduces the risk of passwords being stolen. Even if they are, they're properly encrypted.

I understand your concerns about the financial industry, the thefts from Global Payments and the others in the last few years are scary, but it's because those companies are NOT following standards properly. Whoever did Global Payment's audit, needs to loose their job. The auditing we're going through for PCI v2, is an even bigger PITA, but it's necessary.